How to troubleshoot GELF message XXXX has empty mandatory "short_message" field


(Michael Wiles) #1

So I’m seeing a lot of these messages in my logs.

Is it possible to configure Graylog so that the actual source of the message is logged as well? That would indicate where the log message is coming from so I can fix it.

I did try and change log level to trace and I decoded what I see as a log payload but it looks like this is compressed.

Thanks


(Jan Doberstein) #2

Hey @michaelwiles

currently the logging of such issues is not optimal - you might want to open a nice feature request over at: https://github.com/Graylog2/graylog2-server/issues


#3

I also had problems with this and because we have a load-balancer in the log transmission path to the graylog server I couldn’t track down the IP address of the machine trying to send the short message.
I decided to remove these ‘short messages’ (and messages over 1Mb in size) before it gets to graylog.
I did this in my nxlog output stage of the collector by doing:
Exec if ($short_message == "") drop();
Exec $raw_event = substr($raw_event, 0, 1000000);

Regards,
Harry W.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
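
Added example, not part of any post in this thread and not Graylog code: a small Python decoder for a captured GELF UDP payload, which may be gzip- or zlib-compressed and split into chunks, as the first post ran into. It reports the `host` and additional `_` fields the sender set, which still identify the sender when a load balancer hides its IP address. The function names, the sample payload and the host name are constructed for illustration.

```python
import gzip
import json
import zlib

CHUNK_MAGIC = b"\x1e\x0f"   # GELF chunk header: magic, 8-byte id, seq number, seq count
GZIP_MAGIC = b"\x1f\x8b"
MANDATORY = ("version", "host", "short_message")   # mandatory fields in GELF 1.1


def reassemble(datagrams):
    """Join the chunks of one GELF message; a non-chunked datagram passes through."""
    if not datagrams[0].startswith(CHUNK_MAGIC):
        return datagrams[0]
    parts, total = {}, 0
    for d in datagrams:
        seq, total = d[10], d[11]      # bytes 2..9 hold the message id
        parts[seq] = d[12:]
    if len(parts) != total:
        raise ValueError(f"have {len(parts)} of {total} chunks")
    return b"".join(parts[i] for i in range(total))


def decode(payload):
    """Decompress (gzip or zlib) if needed and parse the GELF JSON."""
    if payload.startswith(GZIP_MAGIC):
        payload = gzip.decompress(payload)
    elif payload[:1] == b"\x78":       # usual first byte of a zlib stream
        payload = zlib.decompress(payload)
    return json.loads(payload.rstrip(b"\x00"))   # GELF over TCP is null-terminated


def diagnose(datagrams):
    """Return the sender-identifying fields and any missing or blank mandatory fields."""
    msg = decode(reassemble(datagrams))
    problems = [f for f in MANDATORY
                if msg.get(f) is None or not str(msg[f]).strip()]
    extras = {k: v for k, v in msg.items() if k.startswith("_")}
    return {"host": msg.get("host"), "extras": extras, "problems": problems}


# Constructed sample: a gzip-compressed GELF message with an empty short_message.
SAMPLE = gzip.compress(json.dumps({
    "version": "1.1", "host": "app-07.example.internal",
    "short_message": "", "_app": "billing"}).encode())

if __name__ == "__main__":
    print(diagnose([SAMPLE]))
```

Pass `diagnose` the raw UDP payload bytes of one message taken from a packet capture on the input port, with all chunks of the same message id in one list.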